ADef: an Iterative Algorithm to Construct Adversarial Deformations
About
While deep neural networks have proven to be a powerful tool for many recognition and classification tasks, their stability properties are still not well understood. In the past, image classifiers have been shown to be vulnerable to so-called adversarial attacks, which are created by additively perturbing the correctly classified image. In this paper, we propose the ADef algorithm to construct a different kind of adversarial attack created by iteratively applying small deformations to the image, found through a gradient descent step. We demonstrate our results on MNIST with convolutional neural networks and on ImageNet with Inception-v3 and ResNet-101.
Rima Alaifari, Giovanni S. Alberti, Tandri Gauksson• 2018
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Adversarial Attack | ImageNet-compatible Stable Diffusion context v1.4 (test) | ASR (MN-v2)56.6 | 38 | |
| Adversarial Attack | ImageNet-Compatible | HGD Score2.9 | 11 | |
| Image Quality Assessment | ImageNet (test) | NIMA Score (AVA)4.89 | 11 |
Showing 3 of 3 rows